At Vanilla Forums, security is one of our biggest priorities. We know that when you put your logo on our product and deploy it to your customers, you’re putting a lot of trust in us. You’re relying on us to keep your data and service secure. Our engineering teams are faced with many competing priorities, but security is always at the top of the list. Without great security, nothing else matters.
Our commitment to security is the reason that we’ve invested significantly in the security of our service. Here are a few of the new security features that we’ve implemented recently:
Data at Rest Encryption
We’ve always supported SSL as a way to encrypt data as it travels over the internet. In addition to this, we now support “data at rest encryption”. This means that even if a hacker managed to penetrate our systems, the data inside would be of no use to them.
Our internal code review processes include a security review. If a vulnerability is found, we address it by deploying the updated code immediately. This year, we contracted a 3rd party security expert (a ‘white hat’ hacker) to conduct a thorough audit of our software and system infrastructure security. We also undergo audits by prospective customers and by members of our open source community. Our code is heavily scrutinized to ensure the best possible security for your data.
Unfortunately, sometimes security violations are committed by people who have legitimate access to a service. To help combat this, we’ve introduced a searchable event log. In the event of a security violation, it’s now simple to discover who was responsible for various actions.
Upgraded Denial of Service Protection
Distributed Denial of Service (DDoS) attacks are an increasingly common problem in internet security. The attacks involve targeting servers a flood of empty requests in an attempt to overwhelm them with traffic. We’ve recently upgraded our DDoS protection, allowing us to handle multi-gigabit attacks.
These recent security improvements are in addition to our existing security features. For a complete overview, please see our security overview datasheet here.
*Please note that these features are not available on all subscription plans.